WiFi SSID tools

WIFI PineappleToday’s highlight – WIFI Pineapple Mark III Wireless Penetration Testing Tool.

There are many cool tools sold at conferences. One tool to check out is the WIFI Pineapple Mark III for around $100 dollars. Basically it’s a wireless honeypot using a man-in-the-middle attack to access data. The way it works is it listens for devices calling out for known wireless networks / SSIDs. The WIFI Pineapple will hear the request and clone the requested SSID so the device believes its connecting to a known trusted network.

An example is connecting an iPad on an airplane to the online network GOGO SSID. Some time later the user may be at a Starbucks and turn on the iPad that was used on the airplane. The iPad will beacon out “am I still on the airplane and can I re-connect to GOGO?”. The WIFI Pineapple will hear the request and reply back “I’m GOGO … welcome to the internet”. The iPad will auto-connect to the fake GOGO SSID without re-authenticating, which is really the WIFI Pineapple passing traffic through to another network while the hacker sits in the middle. Essentially, the WIFI Pineapple takes advantage of convenience services via auto connecting to known or trusted networks offered by most wireless devices.

The WIFI Pineapple is pretty easy to setup. It has two LAN interfaces (pass through and admin access). It provides auto DHCP 172.16.42.X to the administrative interface. To access the main interface, a GUI located at 172.16.42.1. From here, the pen tester can enable many tools as well as see who is connecting to the WIFI Pineapple. Network setup is pretty easy and designed to pass traffic through without systems knowing the difference from the fake SSID or real network.

Some built in tool highlights (in the release of software I’m running) are Karma, Snarf and DNS Spoofing. The GUI is pretty easy to get around. I used the WIFI Pineapple to capture cookies and replay in FireFox via the Add N Edit Cookies plugin. An example is capturing a Facebook cookie to accessing the victim’s Facebook account. An example of using cookies to access a gmail account can be found HERE regarding the cookie reply process.

You might also like
My Top 10 Tools for I.T. Pros: Inssider
My Top 10 Tools for I.T. Pros: Inssider
WiFi Password Hack 2013 [Direct Download Tool]
WiFi Password Hack 2013 [Direct Download Tool]
WiFi SSID Sniffer in 11 Lines of Python using Raw Sockets
WiFi SSID Sniffer in 11 Lines of Python using Raw Sockets
Blusmart Blusmart WIFI Wireless OBD2 Auto Scanner Adapter Scan Tool for iPhone iPad iPod(Green)
Automotive Parts and Accessories (Blusmart)
  • Works with all OBD-II compliant vehicles
  • Works on all 1996 to 2010 cars and light trucks sold in the United States, some 1994 and 1995 models are also ok
  • Software included in CD for Smartphone, PC and iOS (iPhone, iPad, iTouch, Mac)
  • Clear trouble codes and turn off the MIL ( Check Engine light)
  • Read diagnostic trouble codes, both generic and manufacturer-specific, and display their meaning (over 3 generic code definitions in the database)
Related Posts